ThreatPress

WordPress Vulnerability Database

Back

WordPress Shapely theme <= 1.2.8 - Unauthenticated Function Injection vulnerability

Product
Shapely
Description
Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Shapely theme (versions <= 1.2.8).
Solution
Update the WordPress Shapely theme to the latest available version (at least 1.2.9).
Classification
Type Unknown
OWASP Top 10 A1: Injection
References
Theme changelog
Vulnerability details
CVE
Name CVE-N/A
Versions
Affected In <= 1.2.8
Fixed In 1.2.9
Disclosure date
2020-10-01
Credits
Jerome Bruandet (NinTechNet)